Your review has been sent successfully

Microsoft Alert

3223
Classification
These posts contain security alerts, including digital loopholes, electronic attacks, technical updates, and they are classified base on the level of severity.

Critical

High

Medium

Low

Warning Date

Severity Level

Warning Number

Target Sector

13 April, 2022

● High

2022-4654

All

Description:

Microsoft has released security updates to address several vulnerabilities in the following products:

  • .NET Framework
  • Active Directory Domain Services
  • Azure SDK
  • Azure Site Recovery
  • LDAP - Lightweight Directory Access Protocol
  • Microsoft Bluetooth Driver
  • Microsoft Dynamics
  • Microsoft Edge (Chromium-based)
  • Microsoft Graphics Component
  • Microsoft Local Security Authority Server (lsasrv)
  • Microsoft Office Excel
  • Microsoft Office SharePoint
  • Microsoft Windows ALPC
  • Microsoft Windows Codecs Library
  • Microsoft Windows Media Foundation
  • Power BI
  • Role: DNS Server
  • Role: Windows Hyper-V
  • Skype for Business
  • Visual Studio
  • Visual Studio Code
  • Windows Ancillary Function Driver for WinSock
  • Windows App Store
  • Windows AppX Package Manager
  • Windows Cluster Client Failover
  • Windows Cluster Shared Volume (CSV)
  • Windows Common Log File System Driver
  • Windows Defender
  • Windows DWM Core Library
  • Windows Endpoint Configuration Manager
  • Windows Fax Compose Form
  • Windows Feedback Hub
  • Windows File Explorer
  • Windows File Server
  • Windows Installer
  • Windows iSCSI Target Service
  • Windows Kerberos
  • Windows Kernel
  • Windows Local Security Authority Subsystem Service
  • Windows Media
  • Windows Network File System
  • Windows PowerShell
  • Windows Print Spooler Components
  • Windows RDP
  • Windows Remote Procedure Call Runtime
  • Windows schannel
  • Windows SMB
  • Windows Telephony Server
  • Windows Upgrade Assistant
  • Windows User Profile Service
  • Windows Win32K
  • Windows Work Folder Service
  • YARP reverse proxy
Threats:

An attacker could exploit these vulnerabilities by doing the following:

  • Denial of service attack (DoS)
  • Security feature bypass
  • Disclosure of information
  • Privilege escalation
  • Remote code execution
  • Spoofing
Best practice and Recommendations:

The CERT team encourages users to review Microsoft security advisory and apply the necessary updates:

Update instructions:

Last updated at 13 April, 2022

Rate the content

rate-icon
up icon